Tyupkin malware infects ATM machines running Windows XP 32-bit version and allows the attacker to empty the ATM cash cassettes via direct manipulation. It uses clever ways to hide itself, for example it is only active at a specific time at night. It also uses a key based on a random seed for every session. Without this key, nobody can interact with the infected ATM. When the key is entered correctly, the malware displays information on how much money is available in every cassette and allows an attacker with physical access to the ATM to withdraw 40 notes from the selected cassette.
| b670fe2d803705f811b5a0c9e69ccfec3a6c3a31cfd42a30d9e8902af7b9ed80 | Backdoor.MSIL.Tyupkin.a | Download |
| 6c59cd1e12bc1037031af48b934e9398fc85efb2a067d03b6a100dd8423e5d9b | Backdoor.MSIL.Tyupkin.b | Download |
| 8bb5c766de0a73dc0eff7c9fce086565b6220465185e258c21c5b9dfb0bef51d | Backdoor.Win32.Tyupkin.c | Download |
| 853fb4e85d8b0ad7c156ad6d3fc4b0340c8b29fa0548a3df758e7845ba8b23ae | Backdoor.Win32.Tyupkin.g | Download |
| 16166533c69f2f04110e8b8e9cc45ed2aeaf7850fa68845c64d92ff907dd44f0 | Backdoor.MSIL.Tyupkin.c | Download |
| 646433de5c56fdbc7e6e934a05e9e99012ef39a0ed6cc4bdb1d984cd4435379e | Trojan.Win32.Zapchast.akkh | Download |
| 639d2d926325275cb023014d0b446d03f1dcc8526bff1aa72373e27d78a6a674 | Backdoor.MSIL.Tyupkin.c | Download |
| 3639e8cc463922b427ea20dce8f237c0c0e82aa51d2502c48662e60fb405f677 | Backdoor.Win32.Tyupkin.h | Download |